Confidentiality is core. We teach students not to gossip. Notes are password protected. Doctors are struck off if they reveal private facts about patients in public. And patients need this safety so that they can talk without fear: without an expectation of confidentiality doctors would know even less about patients’ problems.

But privacy is eroding. Doctors have long been expected to breach confidences in specific circumstances—for example, in the United Kingdom, if patients disclose conditions that mean they should not drive. In such cases the doctor must tell the government, but only after making “every reasonable effort to persuade them to stop [driving],” and, the General Medical Council says, after the patient has been told in person and in writing.1

On its website the Care Quality Commission (CQC) shows the number of patient records that are read during inspections. It says that its inspectors have had confidentiality training and that they “handle many types of sensitive personal information every day and abide by a code of practice, just like GPs.”2

The Health and Social Care Act 2008 gave the CQC powers to “access, inspect and take” any documents held by any clinic that it inspects, where it considers this “necessary or expedient.” This is “without the consent of the people to whom those records relate—and even, if necessary, against their wishes.”3 It is unfathomable why the CQC should not ask patients for permission first. As it is, they may never know that their notes have been read by an external agent.

UK local health authorities can inspect practices to check whether they have been accurate in their financing. Looking at patients’ notes is again legally allowed as “secondary data use” because the data are not being used for direct patient care but for commissioning, audit, or research.4 Patients may be advised of this when they join a practice, but is it widely and fully understood that this means their notes may be read by other people?

Doctors should stand guard over uninformed, unnecessary access to the confidential information entrusted to us. Are we doing enough? Surely, anonymised data would be sufficient for contractual inspections. And patients should know that they can opt out of this secondary use of data by having a code placed on their records. The CQC says that it “should” then respect these patients’ wishes and not open their notes.

Many citizens are keen to contribute to high quality academic research; they may be less keen on the myriad other secondary uses of their data. Should we routinely ask patients whether they want their records coded to minimise access by external organisations?

Notes

Cite this as: BMJ 2014;349:g6763

Footnotes

Competing interests: I have read and understood the BMJ policy on declaration of interests and declare the following interests: I’m an NHS GP partner, with income partly dependent on Quality and Outcomes Framework points. I’m a part time undergraduate tutor at the University of Glasgow. I’ve written a book and earned from broadcast and written freelance journalism. I’m an unpaid patron of Healthwatch. I make a monthly donation to Keep Our NHS Public. I’m a member of Medact. I’m occasionally paid for time, travel, and accommodation to give talks or have locum fees paid to allow me to give talks but never for any drug or public relations company. I was elected to the national council of the Royal College of General Practitioners in 2013.

This is an Open Access article distributed in accordance with the Creative Commons Attribution Non Commercial (CC BY-NC 4.0) license, which permits others to distribute, remix, adapt, build upon this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited and the use is non-commercial. See: http://creativecommons.org/licenses/by-nc/4.0/.